This invention relates generally to password security systems, and more particularly, the present invention relates to a method, system and storage medium for determining trivial keyboard sequences of proposed passwords.
Secure computer network systems rely on security mechanisms to protect the integrity of the applications and information stored therein. Password-based mechanisms are the most common of these security systems and involve the selection of a string of alphanumeric characters that can be assigned either by a system administrator or self-assigned by a system user. The effectiveness of these security mechanisms depend, in part, upon the ability of system users to maintain discreet password usage over time and throughout the duration of network access. One difficulty, however, lies in the struggle to create a balance between the need for providing easily-remembered passwords against the security risks in doing so. Common words and phrases are vulnerable to external and internal attack. Various software programs exist that attempt to gain access to computer systems via systematic login attempts using common words and phrases (also referred to as weak passwords) until a match is found. Selecting non-obvious passwords may not necessarily solve the security problem because they are subject to compromise when password owners who have trouble remembering them resort to keeping written notes with the password. The chances of the written password getting into the wrong hands becomes a risk to the security of the network system.
Virtually every operating system environment provides some controls which attempt to ensure the quality of passwords. Types of controls include: requiring periodic changes of passwords, preventing password re-use, defining minimum length standards for passwords, adopting semantic content restrictions (e.g., passwords may not contain any three-character abbreviation for the months of the year, or a new password may not contain any three sequential characters that are the same as in the existing password), as well as trivial keyboard sequences (e.g., “qwerty”).
Various solutions have been devised to reduce or eliminate the problem of weak passwords (e.g., those utilizing common words or trivial keyboard sequences). Known solutions directed to weak passwords relate to password evaluation systems that evaluate the proposed password or substrings of the password against a ‘dictionary’ or database of known ‘bad’ password sets, either via a statistical method or a hashing table. These solutions are somewhat limited in that their success depends heavily on the quality and comprehensiveness of the ‘bad’ password sets. They are also time consuming since proposed passwords and/or its substrings must be each compared against voluminous database entries. Also, there is no guarantee a match will be found for certain common words. Trivial keyboard passwords may be particularly immune from implementation of these solutions because they do not conform to general ‘dictionary’-based requirements but instead use computer keyboard sequences. Determining keyboard triviality in prior art systems generally involves checking the password against known character strings, that are stored in a data file. This is a time-consuming process as large database searches are required and all variations of keyboard sequences would be necessary to ensure success.
What is needed is quicker and more direct way to determine trivial keyboard sequences of proposed passwords.